From 0c57f8d4861cfd9699e2dd848b8838a619acb283 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 14 Jan 2022 20:39:46 +0100 Subject: [PATCH 1/6] Apply example_ynh --- check_process | 4 ++++ conf/systemd.service | 9 ++++++--- manifest.json | 2 +- scripts/backup | 6 +++--- scripts/install | 30 +++++++++++++++--------------- scripts/remove | 17 ++++++++--------- scripts/restore | 27 ++++++++++++++------------- scripts/upgrade | 37 ++++++++++++++++++++++--------------- 8 files changed, 73 insertions(+), 59 deletions(-) diff --git a/check_process b/check_process index 6c257c7..7a11dff 100644 --- a/check_process +++ b/check_process @@ -49,6 +49,8 @@ #upgrade=1 from_commit=3e69fac2078f96ba5a4cb73966345f44a95147bf # 1.18.2~ynh1 upgrade=1 from_commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24 + # 1.18.6~ynh1 + upgrade=1 from_commit=75e55a85c81efbd26a2b2120916becb6940367ba backup_restore=1 multi_instance=1 port_already_use=0 @@ -95,3 +97,5 @@ Notification=all name=1.18.1~ynh1 ; commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24 name=1.18.2~ynh1 + ; commit=75e55a85c81efbd26a2b2120916becb6940367ba + name=1.18.6~ynh1 diff --git a/conf/systemd.service b/conf/systemd.service index 991e74b..3cb8b88 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -10,12 +10,15 @@ Restart=on-failure SuccessExitStatus=3 4 RestartForceExitStatus=3 4 -# Hardening +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=true +PrivateTmp=yes ProtectSystem=full -PrivateTmp=true SystemCallArchitectures=native MemoryDenyWriteExecute=true -NoNewPrivileges=true [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index f4bda9d..5668c7c 100644 --- a/manifest.json +++ b/manifest.json 
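Review bot: In conf/systemd.service the new header presents the block as a sandboxing baseline, yet the unit keeps the same five directives as before (`NoNewPrivileges`, `PrivateTmp`, `ProtectSystem=full`, `SystemCallArchitectures`, `MemoryDenyWriteExecute`), only reordered. As far as systemd is concerned, `ProtectSystem=full` leaves everything outside `/usr`, `/boot`, `/efi` and `/etc` writable, so the comment overstates what is confined. Either trim the comment to what the unit does, or evaluate further systemd.exec options such as `ProtectKernelTunables=yes`, `ProtectKernelModules=yes`, `ProtectControlGroups=yes` and `LockPersonality=yes` against the service; `systemd-analyze security` on the installed unit lists what remains unset. The rest of the `[Service]` section lies outside the hunk, so options set elsewhere are not visible here.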
@@ -6,7 +6,7 @@ "en": "Continuous file synchronization program", "fr": "Programme de synchronisation de fichiers en continu" }, - "version": "1.18.6~ynh1", + "version": "1.18.6~ynh2", "url": "https://syncthing.net/", "upstream": { "license": "MPL-2.0", diff --git a/scripts/backup b/scripts/backup index 11eb9f9..d8cb0be 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,7 +29,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) -sync_home=$(ynh_app_setting_get --app=$app --key=sync_home) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -43,10 +43,10 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" #================================================= -# BACKUP THE DATA DIRECTORY +# BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$sync_home" --is_big +ynh_backup --src_path="$datadir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/install b/scripts/install index 0472aa6..d822f67 100644 --- a/scripts/install +++ b/scripts/install 
@@ -58,15 +58,15 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_script_progression --message="Finding an available port..." # Find an available port +port=$(ynh_find_port --port=22000) +ynh_app_setting_set --app=$app --key=port --value=$port + gui_port=$(ynh_find_port --port=8384) ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port -sync_port=$(ynh_find_port --port=22000) -ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port - # Open the port ynh_script_progression --message="Configuring firewall..." -ynh_exec_warn_less yunohost firewall allow TCP $sync_port +ynh_exec_warn_less yunohost firewall allow TCP $port #================================================= # CREATE DEDICATED USER @@ -100,23 +100,23 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= -# CREATE SYNC DIRECTORY +# CREATE DATA DIRECTORY #================================================= -ynh_script_progression --message="Creating sync directory..." +ynh_script_progression --message="Creating a data directory..." -sync_home=/home/yunohost.app/$app -ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir -mkdir -p $sync_home +mkdir -p $datadir -chmod 750 "$sync_home" -chmod -R o-rwx "$sync_home" -chown -R $app:$app "$sync_home" +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a config file..." +ynh_script_progression --message="Adding a configuration file..." mkdir -p "$final_path/.config/syncthing" config_file="$final_path/.config/syncthing/config.xml" 
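Review bot: In the first scripts/install hunk only `yunohost firewall allow TCP $port` is issued, while conf/config.xml in this same series also declares a `quic://0.0.0.0:__PORT__` listener on that port, and QUIC runs over UDP. As written, the firewall state and the listener configuration disagree: either open the port for UDP as well, or drop the QUIC listener if only TCP is meant to be reachable. A comment above the firewall call, e.g. `# Sync port: only TCP is opened in the firewall; QUIC (UDP) is not exposed`, would make the intended exposure auditable. The same call appears in the firewall hunk of scripts/restore.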
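Review bot: `mkdir -p $datadir` in the CREATE DATA DIRECTORY block of scripts/install is unquoted, while the `chmod` and `chown` lines right below it quote the same variable. `$datadir` is built from `$app`, so word splitting is unlikely in practice, but the inconsistency is easy to copy into a place where it matters; use `mkdir -p "$datadir"`, as scripts/upgrade already does. The data-directory hunk of scripts/restore has the same unquoted `mkdir -p $datadir`.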
@@ -142,7 +142,7 @@ chown -R $app: $final_path ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Access the GUI via the following URL" -ynh_replace_string --match_string="tcp://quic:%2F%2F0.0.0.0:$sync_port" --replace_string="quic//0.0.0.0:$sync_port" --target_file="$config_file" +ynh_replace_string --match_string="tcp://quic:%2F%2F0.0.0.0:$port" --replace_string="quic//0.0.0.0:$port" --target_file="$config_file" ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd @@ -155,7 +155,7 @@ ynh_store_file_checksum --file="$config_file" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port +yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port #================================================= # START SYSTEMD SERVICE diff --git a/scripts/remove b/scripts/remove index 5fb98ea..f6e9f92 100644 --- a/scripts/remove +++ b/scripts/remove @@ -17,10 +17,9 @@ ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -sync_home=$(ynh_app_setting_get --app=$app --key=sync_home) - -sync_port=$(ynh_app_setting_get --app=$app --key=sync_port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE 
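Review bot: The replacement string of the `ynh_replace_string` call in the scripts/install hunk at line 142 reads `quic//0.0.0.0:$port`, without the colon after the scheme, whereas the template in conf/config.xml uses `quic://0.0.0.0:__PORT__`. The renamed line carries this over from the old one, so the config file presumably ends up with an address that is not a valid listen URI. If the intent is to restore the template value, the argument should be `--replace_string="quic://0.0.0.0:$port"`. A short comment explaining why the started service leaves `tcp://quic:%2F%2F…` in the file would also help, since the start, patch, stop sequence is otherwise hard to follow.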
@@ -55,11 +54,11 @@ ynh_secure_remove --file="$final_path" # REMOVE DATA DIR #================================================= -# Remove the app data directory with the command `yunohost app remove syncthing --purge` +# Remove the data directory if --purge option is used if [ "${YNH_APP_PURGE:-0}" -eq 1 ] then - ynh_script_progression --message="Removing $app data directory..." --weight=2 - ynh_secure_remove --file="$sync_home" + ynh_script_progression --message="Removing app data directory..." + ynh_secure_remove --file="$datadir" fi #================================================= @@ -74,10 +73,10 @@ ynh_remove_nginx_config # CLOSE A PORT #================================================= -if yunohost firewall list | grep -q "\- $sync_port$" +if yunohost firewall list | grep -q "\- $port$" then - ynh_script_progression --message="Closing port $sync_port..." - ynh_exec_warn_less yunohost firewall disallow TCP $sync_port + ynh_script_progression --message="Closing port $port..." + ynh_exec_warn_less yunohost firewall disallow TCP $port fi #================================================= diff --git a/scripts/restore b/scripts/restore index c327c7c..ef19662 100644 --- a/scripts/restore +++ b/scripts/restore 
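Review bot: In the CLOSE A PORT hunk of scripts/remove, `$port` is interpolated unchecked into the grep pattern `"\- $port$"` and passed unquoted to `yunohost firewall disallow`. If the `port` setting is empty, for instance on an instance whose settings were never migrated from `sync_port`, the pattern would presumably match nothing and the previously opened port stays open after removal, without any message. A guard before the test, such as `[ -n "$port" ] || ynh_print_warn --message="No port setting found, firewall left untouched"`, makes that case visible. The purge block above it depends on `$datadir` in the same way.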
@@ -30,15 +30,16 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -sync_home=$(ynh_app_setting_get --app=$app --key=sync_home) -sync_port=$(ynh_app_setting_get --app=$app --key=sync_port) +port=$(ynh_app_setting_get --app=$app --key=port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -48,7 +49,7 @@ test ! -d $final_path || ynh_die --message="There is already a directory: $final ynh_script_progression --message="Configuring firewall..." # Open the port -ynh_exec_warn_less yunohost firewall allow TCP $sync_port +ynh_exec_warn_less yunohost firewall allow TCP $port #================================================= # RESTORE THE NGINX CONFIGURATION @@ -63,7 +64,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR 
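Review bot: The dedicated-user hunk of scripts/restore removes the quotes around the home directory, turning `--home_dir="$final_path"` into `--home_dir=$final_path`, so the value is now subject to word splitting and globbing. The reflowed check `test ! -d $final_path` in the first hunk of this file is unquoted too, and with an empty path or one containing spaces `test` evaluates a different expression than intended. Keep the quoted form in both places: `ynh_system_user_create --username=$app --home_dir="$final_path"` and `test ! -d "$final_path"`.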
@@ -77,17 +78,17 @@ chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" #================================================= -# RECREATE SYNC DIRECTORY +# RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Recreating sync directory..." +ynh_script_progression --message="Restoring the data directory..." -ynh_restore_file --origin_path="$sync_home" --not_mandatory +ynh_restore_file --origin_path="$datadir" --not_mandatory -mkdir -p $sync_home +mkdir -p $datadir -chmod 750 "$sync_home" -chmod -R o-rwx "$sync_home" -chown -R $app:$app "$sync_home" +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" #================================================= # SPECIFIC RESTORATION @@ -104,7 +105,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port +yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index fbdda49..60b13d8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,8 +21,8 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) architecture=$YNH_ARCH -sync_home=$(ynh_app_setting_get --app=$app --key=sync_home) -sync_port=$(ynh_app_setting_get --app=$app --key=sync_port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) +port=$(ynh_app_setting_get --app=$app --key=port) gui_port=$(ynh_app_setting_get --app=$app --key=gui_port) #================================================= 
@@ -78,16 +78,16 @@ if [ -z $gui_port ]; then gui_port=$OLD_GUIPORT ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port - sync_home="/home/yunohost.app/$app" - ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home + datadir="/home/yunohost.app/$app" + ynh_app_setting_set --app=$app --key=datadir --value=$datadir - sync_port=$OLD_SYNCPORT - ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port + port=$OLD_SYNCPORT + ynh_app_setting_set --app=$app --key=port --value=$port mkdir -p $final_path cp -R $OLD_SYNCHOME/.config $final_path/.config - ynh_replace_string --match_string="~" --replace_string="$sync_home" --target_file="$final_path/.config/syncthing/config.xml" + ynh_replace_string --match_string="~" --replace_string="$datadir" --target_file="$final_path/.config/syncthing/config.xml" systemctl stop syncthing@$OLD_SYNCUSER.service yunohost service remove syncthing@$OLD_SYNCUSER.service @@ -102,6 +102,13 @@ if [ -z $gui_port ]; then ynh_remove_app_dependencies fi +# If gui_port doesn't exist, create it +if [ -z $datadir ]; then + datadir=$(ynh_app_setting_get --app=$app --key=sync_home) + ynh_app_setting_set --app=$app --key=datadir --value=$datadir + ynh_app_setting_delete --app="$app" --key="sync_home" +fi + # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all 
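Review bot: The migration block added to scripts/upgrade (hunk at line 102) copies the legacy `sync_home` value into `datadir` without checking that it is non-empty, and tests it with an unquoted `[ -z $datadir ]`. If neither key is set, `datadir` stays empty, an empty value is stored, and the later `mkdir -p "$datadir"`, `chmod -R` and `chown -R` calls run on an empty path. Quote the test as `if [ -z "$datadir" ]; then` and stop when the legacy key yields nothing, e.g. `[ -n "$datadir" ] || ynh_die --message="No data directory setting found"`. The `port`/`sync_port` block added by patch 6/6 has the same shape and needs the same guard, since an empty `$port` ends up in `--needs_exposed_ports=`.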
@@ -144,20 +151,20 @@ ynh_add_nginx_config #================================================= # SPECIFIC UPGRADE #================================================= -# CREATE SYNC DIRECTORY +# CREATE DATA DIRECTORY #================================================= -ynh_script_progression --message="Creating sync directory..." +ynh_script_progression --message="Creating a data directory..." # Make directories and set rights -mkdir -p "$sync_home" -chmod 750 "$sync_home" -chmod -R o-rwx "$sync_home" -chown -R $app:$app "$sync_home" +mkdir -p "$datadir" +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a config file..." +ynh_script_progression --message="Updating a configuration file..." config_file="$final_path/.config/syncthing/config.xml" @@ -185,7 +192,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port +yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port #================================================= # START SYSTEMD SERVICE From 5273c97de5ef8df5ed68e4417301848e120d53d5 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Fri, 14 Jan 2022 19:39:51 +0000 Subject: [PATCH 2/6] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fc260a3..194f0ae 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it's transmitted over the internet. -**Shipped version:** 1.18.6~ynh1 +**Shipped version:** 1.18.6~ynh2 diff --git a/README_fr.md b/README_fr.md index b6e6650..430684a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it's transmitted over the internet. -**Version incluse :** 1.18.6~ynh1 +**Version incluse :** 1.18.6~ynh2 From a1dfd74ba35d421881b31e8dde7a0d72673ba90b Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 14 Jan 2022 21:13:37 +0100 Subject: [PATCH 3/6] Typo --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 60b13d8..54bfc9e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -102,7 +102,7 @@ if [ -z $gui_port ]; then ynh_remove_app_dependencies fi -# If gui_port doesn't exist, create it +# If datadir doesn't exist, create it if [ -z $datadir ]; then datadir=$(ynh_app_setting_get --app=$app --key=sync_home) ynh_app_setting_set --app=$app --key=datadir --value=$datadir From a7b82873a2225cca24a0daeb9d7b4acbeb9c4ca0 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 18 Jan 2022 20:08:00 +0100 Subject: [PATCH 4/6] Fix missing __SYNC_HOME__ --- conf/config.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/conf/config.xml b/conf/config.xml index f2c384a..7aa048e 100644 --- a/conf/config.xml +++ b/conf/config.xml @@ -43,7 +43,7 @@ true 10 0 - __SYNC_HOME__ + __DATADIR__ true 0 From ebed7c2aa7164752de456339913b7fdb022a7a84 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 20 Jan 2022 20:44:00 +0100 Subject: [PATCH 5/6] Fix __SYNC_PORT__ --- conf/config.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/config.xml b/conf/config.xml index 7aa048e..bc48c4e 100644 --- a/conf/config.xml +++ b/conf/config.xml @@ -10,8 +10,8 @@ false - tcp://0.0.0.0:__SYNC_PORT__ - quic://0.0.0.0:__SYNC_PORT__ + tcp://0.0.0.0:__PORT__ + quic://0.0.0.0:__PORT__ default true true From 4d25d6748748b40d671887831cb3b58257c52d63 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 22 Jan 2022 15:51:09 +0100 Subject: [PATCH 6/6] Fix missing port --- scripts/upgrade | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 54bfc9e..418c1dc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -102,6 +102,13 @@ if [ -z $gui_port ]; then ynh_remove_app_dependencies fi +# If port doesn't exist, create it +if [ -z $port ]; then + port=$(ynh_app_setting_get --app=$app --key=sync_port) + ynh_app_setting_set --app=$app --key=port --value=$port + ynh_app_setting_delete --app=$app --key=sync_port +fi + # If datadir doesn't exist, create it if [ -z $datadir ]; then datadir=$(ynh_app_setting_get --app=$app --key=sync_home)